local io = require("io")
local cjson = require("cjson.safe")
--local zhttp = require "resty.http"
local string = require("string")

local _M = {
    ---waf
    waf_enable = "off",
    xwaf_version = 2.23,
    config_version = 0,
    config_domain="https://xwaf.xxx.com.cn",
    api_token="luaapitoken123456",
    appname ="",
    --file or kafka default 9092
    kafka_broker_ip="192.168.xx.xx",
    log_model="kafka",
    log_dir="/tmp",

    waf_exclude_intranet = true,
    waf_exclude_static_file = true,

    white_url_check = false,
    white_ip_check = false,
    white_ua_check = false,
    white_rf_check = false,
    black_ip_check = false,
    waf_urldeny_check = false,
    url_check = false,
    url_args_check = false,
    user_agent_check = false,
    referer_check = false,
    cookie_check = false,
    post_check = false,
    waf_model = "html",
    waf_redirect_url = "",
    waf_expire_time = 180,
    waf_html = "request deny",
    verify_html = "no verify",
    limit_html = "Too many requests",
    waf_url_length = 4096,

    risk_ip_check = false,
    waf_riskip_model = "deny",
    waf_riskip_ratev = 1,
	--rule
	waf_rule = nil, 
    urldeny_rule = nil, 

    ---reqlimit
    reqlimit_enable = "off",
    reqlimit_rule = nil,
    reqlimit_exclude_intranet = true,
    reqlimit_exclude_static = true,
    reqlimit_exclude_cookie = true,
    --exclude cookie
    exclude_cookie = "",
    reqlimit_exclude_subrequest = true,
    reqlimit_exclude_internalrequest = false,

    ---white
    reqlimit_white_enable = true,
    reqlimit_white_list = nil,
    reqlimit_statuscode = 503,
	
    --balckip
    blackip_list = nil,
}

function ReadAppname()
    local file = io.open("/usr/local/xwaf/conf/appname.json","r")
    local app = file:read("*a");
    file:close()
    if app == nil then
	    return nil
    end
    local json = cjson.decode(app)
    if json.appname == "default" or json.appname == "" then
        return nil
    end
    return json.appname
end

function ReadWaf()
    local file = io.open("/usr/local/xwaf/conf/waf_config.json","r")
    if file ~= nil then
       local json = file:read("*a");
       file:close()
       return json
    end
    return nil
end

function ReadWafRule()
    local file = io.open("/usr/local/xwaf/conf/waf_rule.json","r")
    if file ~= nil then
       local json3 = file:read("*a");
       file:close()
       return json3
    end
    return nil
end

function ReadBlackIp()
    local file = io.open("/usr/local/xwaf/conf/waf_blackip.json","r")
    if file ~= nil then
       local json = file:read("*a");
       file:close()
       return json
    end
    return nil
end

function ReadHtml()
    local file = io.open("/usr/local/xwaf/403.html","r")
    local html = file:read("*a");
    file:close()
    return html
end

function ReadVerifyHtml()
    local file = io.open("/usr/local/xwaf/verify.html","r")
    local html = file:read("*a");
    file:close()
    return html
end

function ReadLimitHtml()
    local file = io.open("/usr/local/xwaf/503.html","r")
    local html = file:read("*a");
    file:close()
    return html
end

function _M.GetConfig_fromfile()
	local htmltpl = ReadHtml()
    local verifyHtml = ReadVerifyHtml()
    local htmlLimitTpl = ReadLimitHtml()
	local waffile = ReadWaf()
	local wafrule = ReadWafRule()
	local blackip = ReadBlackIp()
    local app_name = ReadAppname()
	local json = cjson.decode(waffile)
	--local json3 = cjson.decode(wafrule)
	--local json4 = cjson.decode(blackip)
	
    if app_name ~= nil then
        _M.appname = app_name
    end

	if htmltpl ~= nil then
        	_M.waf_html = htmltpl
	end

    if htmlLimitTpl ~= nil then
        _M.limit_html = htmlLimitTpl
    end

    if verifyHtml ~= nil then
        _M.verify_html = verifyHtml
    end
    
	if wafrule ~= nil then
        _M.waf_rule = wafrule 
		
	end

    if blackip ~= nil then
        _M.blackip_list = blackip 
    end


	if waffile ~= nil and json.waf_enable ~= nil then 
			_M.waf_enable = json.waf_enable
			_M.appname = json.appname  --read from local config
			_M.waf_exclude_intranet = json.waf_exclude_intranet
			_M.waf_exclude_static_file = json.waf_exclude_static
			_M.white_url_check = json.white_url_check
			_M.white_ip_check = json.white_ip_check
            _M.white_ua_check = json.white_ua_check
            _M.white_rf_check = json.white_rf_check
			_M.black_ip_check = json.black_ip_check
			_M.url_check = json.url_check
			_M.url_args_check = json.url_args_check
			_M.user_agent_check = json.user_agent_check
            _M.referer_check = json.referer_check
			_M.cookie_check = json.cookie_check
			_M.post_check = json.post_check
			_M.waf_model = json.waf_model
			_M.waf_redirect_url = json.waf_redirect_url
			_M.waf_expire_time = json.waf_expire_time	
            if json.waf_url_length > 0 then	
                _M.waf_url_length = json.waf_url_length	
            end				
			_M.reqlimit_enable = json.reqlimit_enable
			_M.reqlimit_exclude_intranet = json.reqlimit_exclude_intranet
			_M.reqlimit_exclude_static = json.reqlimit_exclude_static
            _M.reqlimit_exclude_cookie = json.reqlimit_exclude_cookie
            if json.exclude_cookie ~= "" then
                _M.exclude_cookie = json.exclude_cookie
            end

            _M.reqlimit_exclude_subrequest = json.reqlimit_exclude_subrequest
            _M.reqlimit_exclude_internalrequest = json.reqlimit_exclude_internalrequest

            _M.reqlimit_white_enable = json.reqlimit_white_enable
            _M.reqlimit_statuscode = json.reqlimit_statuscode
			
			_M.reqlimit_rule = waffile 
            _M.reqlimit_white_list = waffile 
	end


end

_M.GetConfig_fromfile()

--将tabl set 进dict
local wafconfig = ngx.shared.wafconfig
for k,v in pairs(_M) do
	--ngx.log(ngx.DEBUG, string.format("%s:%s",k,v))
    if k == "reqlimit_statuscode" then
        local ret = wafconfig:set(k,v)
        ngx.log(ngx.DEBUG,string.format("wafconfig:%s result: %s",k,ret))
    else
	    local ret = wafconfig:set(k,string.format("%s",v))
        ngx.log(ngx.DEBUG,string.format("wafconfig:%s result: %s",k,ret))
    end
	--local ret = wafconfig:set(k,v)
end 

--local ret2 = wafconfig:get("config_version")
--ngx.log(ngx.DEBUG,ret2)

return _M
